TheHackerGiraffe 🖨 @HackerGiraffe Hi! I'm a giraffe. Also a hacker. Fight me. Hacking/Tech questions are welcome! Dec. 01, 2018 2 min read

Here is how the entire #pewdiepie printer hack went down:

1. I was bored after playing Destiny 2 for a continous 4 hours, and decided I wanted to hack something. So I thought of any vulnerable protocols I could find on shodan

(1/)

2. While playing around on Shodan, the idea came to me that maybe I can hack printers around the world to print something, I didn't know what at the time. After learning about the three different printing protocols (IPP, LPD, JetDirect), I went and searched those ports on shodan.

3. I was horrified to see over 800,000 results show up in total. I was baffled, but determined to try and fix this. So I picked the first 50,000 printers I found running on port 9100 and downloaded the list off shodan.

4. Now I had to think...What to print? It didn't take me long to realize that the most perfect thing to print would be a message supporting our dear overlord @pewdiepie himself! And so I opened up my text editor and typed up the following note:  https://pastebin.com/ASuKK3qL 

5. Now: I needed a tool that lets me connect to printers on this port and print...a google search and I stumbled across PRET ( https://github.com/RUB-NDS/PRET ) that fulfilled all my hopes and dreams...but also my nightmares.

5 (continued). PRET had the scariest of features. Ability to access files, damage the printer, access the internal network...things that could really cause damage. So I had to do this, to at least help organizations and people that can protect themselves.

6. I typed up the following bash script which ironically can fit in a tweet:

#!/bin/bash
while read -r line; do
ip="$line"
torify ./PRET/pret.py $ip pjl -q -i ./commands.txt
done < "./potential_bros.txt"

6 (cont.) Now what this script does, is simply take my input (potential_bros.txt) and loop through every line, running PRET against that IP with the commands in commands.txt

7. Commands.txt contains the following:

print ./message.pdf
display HACKED
quit

That's literally it.

8. Uploaded the script onto my server, opened a tmux session, ran the script in there and left it running. Came back to check Thursday night and just seeing the first person to be hacked by this made my entire week.



This was the tweet that made me know that this, this was serious.

I left the script running, made this twitter account, made u/TheHackerGiraffe, and waited for people to hit me up. and that's where I'm at now.

Here's how the attack looked like on my server:  https://imgur.com/0UE9kdn 

Any questions?


You can follow TheHackerGiraffe 🖨.

____
Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.

Enjoy Threader? Tell @jack.

Download Threader on iOS.